genkey1024.test hanging on low-entropy systems

Werner Koch wk at gnupg.org
Thu Oct 30 09:56:30 CET 2014


On Thu, 30 Oct 2014 00:05, dkg at fifthhorseman.net said:

> should the tests use --debug-quick-random to avoid a hang?  Is there any

That does not work because gpg-agent creates the key.  It is a bit
complicated to start gpg-agent in lower random quality mode.  I added a
command line only option --debug-quick-random to gpg-agent and some
hacks to allow passing it to the start-the-agent-on-the-fly code.

Pushed.

Thanks for reminding me about this.  I usually resort to the rngd hack ;-).


Salam-Shalom,

   Werner

==
commit 9546aa3cc87fc83a40768a12fbbceb19496ce129 (HEAD, refs/heads/wk-master)
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 30 09:55:51 2014 +0100

    tests: Speed up the genkey1024.test by using not so strong random.
    
    * agent/gpg-agent.c (oDebugQuickRandom): New.
    (opts): New option --debug-quick-random.
    (main): Use new option.
    * common/asshelp.c (start_new_gpg_agent): Add hack to pass an
    additional argument for the agent name.
    * tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
    starting parameters.
    * tests/openpgp/version.test: Ditto.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

	Modified   agent/gpg-agent.c
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index af91506..3f03ff4 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -81,6 +81,7 @@ enum cmd_and_opt_values
   oDebugAll,
   oDebugLevel,
   oDebugWait,
+  oDebugQuickRandom,
   oNoGreeting,
   oNoOptions,
   oHomedir,
@@ -149,6 +150,7 @@ static ARGPARSE_OPTS opts[] = {
   { oDebugAll, "debug-all"     ,0, "@"},
   { oDebugLevel, "debug-level" ,2, "@"},
   { oDebugWait,"debug-wait",1, "@"},
+  ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"),
   { oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
   { oNoGrab, "no-grab"     ,0, N_("do not grab keyboard and mouse")},
   { oLogFile, "log-file"   ,2, N_("use a log file for the server")},
@@ -730,6 +732,11 @@ main (int argc, char **argv )
           default_config = 0; /* --no-options */
 	else if (pargs.r_opt == oHomedir)
           opt.homedir = pargs.r.ret_str;
+	else if (pargs.r_opt == oDebugQuickRandom)
+          {
+            gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+          }
+
     }
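Review bot: The first-stage parser at the added `else if (pargs.r_opt == oDebugQuickRandom)` enables Libgcrypt's quick random mode silently, so an agent that is accidentally started with this flag outside the test suite would hand out weak keys with nothing in its log to show it. A warning next to the `gcry_control` call, e.g. `log_info ("WARNING: using insecure random number generator!!\n");`, would make the degraded state visible to anyone reading the agent log. The enclosing `main` starts and ends outside the hunk, so I cannot see from here whether logging is already set up at this point of startup; if it is initialised later, the warning belongs right after that initialisation instead.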
 
   /* Initialize the secure memory. */
@@ -847,6 +854,10 @@ main (int argc, char **argv )
 #        endif
           break;
 
+        case oDebugQuickRandom:
+          /* Only used by the first stage command line parser.  */
+          break;
+
         case oWriteEnvFile: /* dummy */ break;
 
         default : pargs.err = configfp? 1:2; break;
	Modified   common/asshelp.c
diff --git a/common/asshelp.c b/common/asshelp.c
index e97d396..3fc28a1 100644
--- a/common/asshelp.c
+++ b/common/asshelp.c
@@ -363,7 +363,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
   assuan_context_t ctx;
   int did_success_msg = 0;
   char *sockname;
-  const char *argv[5];
+  const char *argv[6];
 
   *r_ctx = NULL;
 
@@ -380,10 +380,31 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
     {
       char *abs_homedir;
       lock_spawn_t lock;
+      char *program = NULL;
+      const char *program_arg = NULL;
+      char *p;
+      const char *s;
+      int i;
 
       /* With no success start a new server.  */
       if (!agent_program || !*agent_program)
         agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT);
+      else if ((s=strchr (agent_program, '|')) && s[1] == '-' && s[2]=='-')
+        {
+          /* Hack to insert an additional option on the command line.  */
+          program = xtrystrdup (agent_program);
+          if (!program)
+            {
+              gpg_error_t tmperr = gpg_err_make (errsource,
+                                                 gpg_err_code_from_syserror ());
+              xfree (sockname);
+              assuan_release (ctx);
+              return tmperr;
+            }
+          p = strchr (program, '|');
+          *p++ = 0;
+          program_arg = p;
+        }
 
       if (verbose)
         log_info (_("no running gpg-agent - starting '%s'\n"),
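Review bot: The `|` hack accepts any suffix that starts with `--`, not only `--debug-quick-random`, so the `agent-program` setting becomes a generic channel for injecting one arbitrary argument into the spawned agent. The value comes from the user's own configuration and the user could already point it at any binary, so this is not a new trust boundary, but a test-only hack should be as narrow as possible; matching the suffix exactly, `else if ((s=strchr (agent_program, '|')) && !strcmp (s+1, "--debug-quick-random"))`, keeps the door closed for everything else. Whatever is chosen, the comment `/* Hack to insert an additional option on the command line.  */` should also say that exactly one argument is supported and that it is passed as a single argv element, not split on whitespace. `start_new_gpg_agent` begins before this hunk and continues after it.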
@@ -404,6 +425,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
           log_error ("error building filename: %s\n",gpg_strerror (tmperr));
           xfree (sockname);
           assuan_release (ctx);
+          xfree (program);
           return tmperr;
         }
 
@@ -416,30 +438,32 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
           xfree (sockname);
           assuan_release (ctx);
           xfree (abs_homedir);
+          xfree (program);
           return tmperr;
         }
 
       /* If the agent has been configured for use with a standard
          socket, an environment variable is not required and thus
          we we can savely start the agent here.  */
-
-      argv[0] = "--homedir";
-      argv[1] = abs_homedir;
-      argv[2] = "--use-standard-socket";
-      argv[3] = "--daemon";
-      argv[4] = NULL;
+      i = 0;
+      argv[i++] = "--homedir";
+      argv[i++] = abs_homedir;
+      argv[i++] = "--use-standard-socket";
+      if (program_arg)
+        argv[i++] = program_arg;
+      argv[i++] = "--daemon";
+      argv[i++] = NULL;
 
       if (!(err = lock_spawning (&lock, homedir, "agent", verbose))
           && assuan_socket_connect (ctx, sockname, 0, 0))
         {
-          err = gnupg_spawn_process_detached (agent_program, argv,NULL);
+          err = gnupg_spawn_process_detached (program? program : agent_program,
+                                              argv, NULL);
           if (err)
             log_error ("failed to start agent '%s': %s\n",
                        agent_program, gpg_strerror (err));
           else
             {
-              int i;
-
               for (i=0; i < SECS_TO_WAIT_FOR_AGENT; i++)
                 {
                   if (verbose)
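Review bot: `gnupg_spawn_process_detached` now executes `program` when the hack is active, but the `log_error ("failed to start agent '%s': %s\n", agent_program, gpg_strerror (err));` just below still prints `agent_program`, so a spawn failure reports the string with the `|--debug-quick-random` suffix rather than the path that was actually executed. Printing `program? program : agent_program` there keeps the message consistent with what was spawned. The function continues past the end of the hunk.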
@@ -462,6 +486,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
 
       unlock_spawning (&lock, "agent");
       xfree (abs_homedir);
+      xfree (program);
     }
   xfree (sockname);
   if (err)
	Modified   doc/gpg-agent.texi
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 7eadf59..a4079d7 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -293,6 +293,14 @@ When running in server mode, wait @var{n} seconds before entering the
 actual processing loop and print the pid.  This gives time to attach a
 debugger.
 
+ at item --debug-quick-random
+ at opindex debug-quick-random
+This option inhibits the use the very secure random quality level
+(Libgcrypt’s @code{GCRY_VERY_STRONG_RANDOM}) and degrades all request
+down to standard random quality.  It is only used for testing and
+shall not be used for any production quality keys.  This option is
+only effective when given on the command line.
+
 @item --no-detach
 @opindex no-detach
 Don't detach the process from the console.  This is mainly useful for
	Modified   doc/gpg.texi
diff --git a/doc/gpg.texi b/doc/gpg.texi
index cddf462..e894f5c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1710,7 +1710,10 @@ This is dummy option. It has no effect when used with @command{gpg2}.
 @item --agent-program @var{file}
 @opindex agent-program
 Specify an agent program to be used for secret key operations.  The
-default value is the @file{/usr/bin/gpg-agent}.
+default value is determined by running @command{gpgconf} with the
+option @option{--list-dirs}.  Note that the pipe symbol (@code{|}) is
+used for a regression test suite hack and may thus not be used in the
+file name.
 @ifclear gpgtwoone
 This is only used
 as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
	Modified   doc/gpgsm.texi
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index bc6326c..34b6024 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -358,7 +358,9 @@ Change the default name of the policy file to @var(unknown).
 @item --agent-program @var{file}
 @opindex agent-program
 Specify an agent program to be used for secret key operations.  The
-default value is the @file{/usr/local/bin/gpg-agent}.
+default value is determined by running the command @command{gpgconf}.
+Note that the pipe symbol (@code{|}) is used for a regression test
+suite hack and may thus not be used in the file name.
 @ifclear gpgtwoone
 This is only used
 as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
	Modified   doc/tools.texi
diff --git a/doc/tools.texi b/doc/tools.texi
index d9ce81e..d556b6d 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -1199,7 +1199,11 @@ Try to be as quiet as possible.
 
 @item --agent-program @var{file}
 @opindex agent-program
-Specify the agent program to be started if none is running.
+Specify the agent program to be started if none is running.  The
+default value is determined by running @command{gpgconf} with the
+option @option{--list-dirs}.  Note that the pipe symbol (@code{|}) is
+used for a regression test suite hack and may thus not be used in the
+file name.
 
 @ifset gpgtwoone
 @item --dirmngr-program @var{file}
	Modified   tests/openpgp/defs.inc
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
index b7320d5..941f786 100755
--- a/tests/openpgp/defs.inc
+++ b/tests/openpgp/defs.inc
@@ -244,10 +244,9 @@ for f in gpg.conf gpg-agent.conf ; do
     case "$f" in
       gpg.conf)
         [ -n "${opt_always}" ] && echo "no-auto-check-trustdb" >>"$f"
-        echo "agent-program $GPG_AGENT" >>"$f"
+        echo "agent-program ${GPG_AGENT}|--debug-quick-random" >>"$f"
         echo "allow-weak-digest-algos" >>"$f"
-
-      ;;
+        ;;
       gpg-agent.conf)
         echo "pinentry-program $PINENTRY" >>"$f"
         ;;
	Modified   tests/openpgp/version.test
diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test
index cae8b68..057bcf0 100755
--- a/tests/openpgp/version.test
+++ b/tests/openpgp/version.test
@@ -39,9 +39,12 @@ done
 # create a faked random seed file.  Note that we need to set the
 # agent-program so that gpg-connect-agent is able to start the agent
 # we are currently testing and not an already installed one.
+# The "|--debug-quick-random" is a hack to start gpg-agent with
+# that option on the command line.
 info "Starting the agent"
 $MKTDATA 600 >random_seed
-if $GPG_CONNECT_AGENT -v --agent-program="$GPG_AGENT" /bye; then
+if $GPG_CONNECT_AGENT -v \
+    --agent-program="${GPG_AGENT}|--debug-quick-random" /bye; then
     :
 else
     error "starting the gpg-agent failed"



-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



